Move trusted domain check to init()
authorLukas Reschke <lukas@owncloud.com>
Fri, 5 Sep 2014 12:10:35 +0000 (14:10 +0200)
committerLukas Reschke <lukas@owncloud.com>
Fri, 5 Sep 2014 12:10:35 +0000 (14:10 +0200)
handleRequest() is not called from remote.php or public.php, which made these files partly available, but all apps included in there produced errors.

As the expected behaviour is anyway that a trusted domain warning is shown, I moved this to init()

Fixes https://github.com/owncloud/core/issues/10064

lib/base.php

index 18331dd86aad6b2ca86bf602f39736dea1656050..fb445124011d4d9699a733d76a88b4f8baca4fa3 100644 (file)
@@ -583,6 +583,21 @@ class OC {
                        );
                        return;
                }
+
+               $host = OC_Request::insecureServerHost();
+               // if the host passed in headers isn't trusted
+               if (!OC::$CLI
+                       // overwritehost is always trusted
+                       && OC_Request::getOverwriteHost() === null
+                       && !OC_Request::isTrustedDomain($host)
+               ) {
+                       header('HTTP/1.1 400 Bad Request');
+                       header('Status: 400 Bad Request');
+                       $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
+                       $tmpl->assign('domain', $_SERVER['SERVER_NAME']);
+                       $tmpl->printPage();
+                       return;
+               }
        }
 
        private static function registerLocalAddressBook() {
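Review bot: The `return;` after `$tmpl->printPage();` no longer stops the request, because the moved block sits directly before init()'s closing brace and the return only leaves init(). In handleRequest() the same statement ended request handling, but the commit message says remote.php and public.php never go through handleRequest(), so on those entry points a request with an untrusted Host header would presumably get the 400 page and then continue into the normal script. Ending the branch with `exit();` instead of `return;` makes the trusted-domain check enforce on every entry point rather than only warn. Separately, the check validates `$host` while the template receives `$_SERVER['SERVER_NAME']`, so the page can name a different host than the one rejected; `$tmpl->assign('domain', $host);` would keep them consistent, assuming the template escapes the value. The start of init() is outside the hunk, so confirm nothing earlier depends on init() returning here.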
@@ -683,21 +698,6 @@ class OC {
                        exit();
                }
 
-               $host = OC_Request::insecureServerHost();
-               // if the host passed in headers isn't trusted
-               if (!OC::$CLI
-                       // overwritehost is always trusted
-                       && OC_Request::getOverwriteHost() === null
-                       && !OC_Request::isTrustedDomain($host)
-               ) {
-                       header('HTTP/1.1 400 Bad Request');
-                       header('Status: 400 Bad Request');
-                       $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
-                       $tmpl->assign('domain', $_SERVER['SERVER_NAME']);
-                       $tmpl->printPage();
-                       return;
-               }
-
                $request = OC_Request::getPathInfo();
                if (substr($request, -3) !== '.js') { // we need these files during the upgrade
                        self::checkMaintenanceMode();